
Mandato — Administrator Guide

This guide is for firm directors and administrators — the people who set up Mandato, invite the team, connect integrations, and keep the firm compliant. Everything here lives behind director-only controls; lawyers and paralegals won't see most of it.

📘 For day-to-day features (clients, cases, documents, communications) see the User Guide. For obtaining each integration's API key, see API Keys Setup.


Contents

  1. Roles & Permissions
  2. User Management
  3. Integration Setup
  4. Branding
  5. Playbooks
  6. Intake Forms
  7. Data Import
  8. Backups & Data Export
  9. Compliance Configuration
  10. Firm Preferences
  11. Billing & Subscription
  12. Super-Admin Console
  13. Setup Checklist

1. Roles & Permissions

Mandato has four firm roles. Each only ever sees what it should — isolation is enforced at the database level (Row Level Security), not just hidden in the UI.

| Role | What they can do |
|---|---|
| Director | Everything: all cases and financials, trust accounts, compliance, settings, integrations, branding, team management, backups. |
| Lawyer | Full case access, create clients, assign tasks, post trust entries, view their own financials. Cannot change firm settings. |
| Paralegal | Assigned cases only — update tasks, upload documents. No financials; trust is view-only. |
| Client | Portal only — their own cases, documents, invoices and messages. Read-only except uploads. |

Director-only controls are gated by the settings:manage permission. If a colleague can't see a setting described here, they're not a director.

There is also a separate Super-Admin tier for platform operators (across all firms) — see section 12.
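
The case-visibility rules from the role table can be written down as a predicate and used as an oracle when checking that isolation holds for each role and across firms. This is an added example, not Mandato's own code; the field names, sample users and sample cases are assumptions made for illustration.

```javascript
// Added example: field names (firmId, assigneeIds, clientId) and all sample
// rows are constructed; only the roles and their case scope come from the guide.
function canReadCase(user, caseRow) {
  // Tenant isolation first: no firm role ever crosses firms.
  if (!user || !caseRow || user.firmId !== caseRow.firmId) return false;
  switch (user.role) {
    case "director":
    case "lawyer":
      return true; // every case in the firm (assumed reading of "full case access")
    case "paralegal":
      return caseRow.assigneeIds.includes(user.id); // assigned cases only
    case "client":
      return caseRow.clientId === user.id; // their own cases
    default:
      return false; // unknown or missing role: deny
  }
}
// Case ids each user should see: the oracle to compare real query results against.
function expectedVisibility(users, cases) {
  const out = {};
  for (const u of users) {
    out[u.id] = cases.filter((c) => canReadCase(u, c)).map((c) => c.id);
  }
  return out;
}

// Diff observed results against the oracle: LEAK = saw too much, GAP = saw too little.
function diffVisibility(expected, observed) {
  const findings = [];
  for (const [userId, want] of Object.entries(expected)) {
    const got = observed[userId] || [];
    for (const id of got) if (!want.includes(id)) findings.push(`LEAK ${userId} ${id}`);
    for (const id of want) if (!got.includes(id)) findings.push(`GAP ${userId} ${id}`);
  }
  return findings;
}

const USERS = [ // constructed
  { id: "dir-a", firmId: "A", role: "director" },
  { id: "law-a", firmId: "A", role: "lawyer" },
  { id: "par-a", firmId: "A", role: "paralegal" },
  { id: "cli-a", firmId: "A", role: "client" },
  { id: "dir-b", firmId: "B", role: "director" },
];
const CASES = [ // constructed
  { id: "c1", firmId: "A", assigneeIds: ["law-a", "par-a"], clientId: "cli-a" },
  { id: "c2", firmId: "A", assigneeIds: ["law-a"], clientId: "cli-x" },
  { id: "c3", firmId: "B", assigneeIds: [], clientId: "cli-y" },
];
console.log(expectedVisibility(USERS, CASES));
```

Feed `diffVisibility` the case ids each test account actually receives; an empty result means the observed access matches the table.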


2. User Management

Where: Settings → Team & Roles, and the Team page.

Inviting a team member

  1. Go to Settings → Team & Roles and click Invite team member.
  2. Enter the email, an optional name, and pick the role (director, lawyer, paralegal or client). The default is lawyer.
  3. Click Invite team member. Mandato shows a share link — click Copy link and send it to the new member.
  4. The invitation is valid for 14 days. Pending invites are listed under the Team & Roles card; you can re-send or revoke them there.

When the person opens the link and signs in with Google, they join your firm with the role you chose.

Changing a role or removing someone

  • In Settings → Team & Roles, each member has a role dropdown — change it there (you can't change your own role).
  • The Team page shows every member as a card with their workload (open cases, tasks, assigned colour). Click a member to see their full profile, cases and tasks.

💡 Assign each lawyer a colour — it's used to tint their cases and calendar events so the team can tell work apart at a glance.


3. Integration Setup

Where: Settings → Integrations (the Integrations Hub).

Every integration has a card showing its status and a Set up button that opens a step-by-step wizard (what the service does, a sign-up link, where to find the key, an input field and a Test connection button). The first-run checklist nudges you to connect at least three.

None of them are required — every feature has a demo fallback, so Mandato works out of the box. Connecting a service swaps the demo for the real thing.

Where credentials live

  • Per-firm keys are entered in the wizard and stored encrypted against your firm: Claude, Resend, Recall.ai, Stripe, Holded, OpenSanctions.
  • Deploy-time environment variables are set once for the whole deployment in Netlify (or .env.local locally) because they're infrastructure-level: Google Maps, the WhatsApp number/token, and the OAuth client secrets (Google, Microsoft). These need a redeploy to take effect.

This guide covers what to do inside Mandato. For getting each key from the provider (exact URLs, screens, pricing), follow API Keys Setup.

| Integration | Type | In-app step |
|---|---|---|
| Claude AI (Anthropic) | Per-firm key | Settings → Integrations → Claude AI → Set up → paste key → Test → Save |
| Google Calendar | OAuth | Settings → Integrations → Google Calendar → Connect |
| Email (Gmail / Outlook) | OAuth + BCC | Settings → Integrations → Email → Connect, or enable system inbox (BCC) |
| Resend (email delivery) | Per-firm key | Set up → paste re_… key → set sender domain |
| Recall.ai (meeting recording) | Per-firm key | Set up → paste key → Test |
| Stripe (payments + subscription) | OAuth or keys | Connect with Stripe, or paste publishable + secret keys |
| Holded (accounting export) | Per-firm key | Set up → paste key → Test → Connect → Sync now |
| OpenSanctions (AML screening) | Per-firm key | Set up → paste os_… key → Test → enable auto-screen |
| 360dialog (WhatsApp) | Env var + webhook | Set deploy env vars, then copy the webhook URL into 360dialog |
| Google Maps (address autocomplete) | Env var | Set NEXT_PUBLIC_GOOGLE_MAPS_API_KEY in Netlify, redeploy |
| BOE / BORME | Toggle | Toggle on in the Integrations page |

🔁 Fallback order. Each integration resolves its credential as firm key → system environment variable → demo simulation, so the product is always fully usable even with nothing configured.
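
Because the fallback ends in a simulation rather than an error, it is worth checking which source each integration actually resolved to. The sketch below is an added example, not Mandato's own code: it models the firm key → environment variable → demo order and flags integrations that must not be simulated. The integration ids, the EXAMPLE_* variable names and the key values are assumptions.

```javascript
// Added example: integration ids, the EXAMPLE_* variable names and every key
// value are constructed; only the resolution order comes from the guide.
const ENV_NAMES = {
  claude: "EXAMPLE_CLAUDE_KEY",
  resend: "EXAMPLE_RESEND_KEY",
  opensanctions: "EXAMPLE_OPENSANCTIONS_KEY",
};

// Blank or whitespace-only values count as "not configured".
const isSet = (v) => typeof v === "string" && v.trim() !== "";

// Resolve one integration: firm key, then system env var, then demo.
// Returns only where the credential came from, never the secret itself.
function resolveSource(id, firmKeys, env) {
  if (isSet(firmKeys[id])) return "firm";
  if (isSet(env[ENV_NAMES[id]])) return "env";
  return "demo";
}

// Report every integration's source and flag the ones that must not be simulated.
function auditIntegrations(firmKeys, env, mustBeLive) {
  const sources = {};
  const findings = [];
  for (const id of Object.keys(ENV_NAMES)) {
    sources[id] = resolveSource(id, firmKeys, env);
    if (sources[id] === "demo" && mustBeLive.includes(id)) {
      findings.push(`${id} is running in demo mode`);
    }
  }
  return { sources, findings };
}

// Constructed state: Claude has a firm key, Resend only a deployment-wide
// variable, and the OpenSanctions field was saved blank.
const FIRM_KEYS = { claude: "sk-constructed", opensanctions: "   " };
const ENV = { EXAMPLE_RESEND_KEY: "re_constructed" };

console.log(auditIntegrations(FIRM_KEYS, ENV, ["opensanctions"]));
```

A source of "env" means the firm is using the deployment-wide credential rather than its own key.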


4. Branding

Where: Settings → Branding (director-only).

Set the firm's visual identity once and it flows everywhere — the client portal, the login page, and outgoing emails.

Fields:

  • Firm Name — the display name used on portals and emails.
  • Logo URL — a link to your logo (PNG/SVG).
  • Primary Color and Secondary Color — hex pickers; text colour is chosen automatically for contrast.
  • Email Footer — custom footer text appended to outgoing emails.

A live preview header shows your logo and name on the primary colour as you edit. Click Save to apply, or Reset to return to defaults.


5. Playbooks

Where: Settings → Playbooks (Manage playbooks).

A playbook defines the stages and the task checklist for a practice area — what shows up as Kanban columns and starter tasks when a case is created.

  1. The playbooks index lists all practice areas. Areas you've customised show a Customized badge, plus a summary like "6 stages · 14 tasks".
  2. Click an area to open its editor. Add, rename, reorder or delete stages; under each stage, add or edit task templates (title, description, default assignee, due-date offset).
  3. Save to apply, or Reset to default to fall back to Mandato's built-in playbook for that area.

Your customisations are stored against your firm; areas you don't touch keep the code defaults. You can also turn whole practice areas on or off in Settings → Practice Areas.


6. Intake Forms

Where: Settings → Intake Forms (director-only to create/edit).

Build public enquiry forms for your website that feed straight into Leads.

  1. Click New form. Give it a name and an accent colour, and toggle it Enabled.
  2. Configure the fields (reorder, mark required, enable/disable) — it starts with sensible defaults (name, email, phone, message).
  3. Save. Each form gets a shareable URL (/<locale>/intake/<formId>) — use Copy link to embed it or Preview to test it.

Submissions appear in Leads and notify your team. The public submission path is the only anonymous write into the system and is tightly access-controlled.


7. Data Import

Where: Settings → Import Data.

Bulk-add records from a spreadsheet.

  1. Choose the Clients or Cases tab.
  2. Upload a CSV. Mandato auto-detects the header row and lets you map your columns to Mandato fields (name, email, nationality… for clients).
  3. Review the preview (first few rows), then click Import. A success message confirms how many records were added.

Import clients first, then cases (so cases can link to the right client).


8. Backups & Data Export

Where: Settings → Backups & Data Export (director-only).

  • Export all data — click Export all data to download a ZIP of CSVs (clients, cases, tasks, invoices, communications, audit log) plus the document vault. This satisfies a GDPR Subject Access Request.
  • Automated schedule — enable scheduled backups and pick a frequency (daily / weekly / monthly). Retention keeps the last 30 daily, 12 weekly and 12 monthly backups in Supabase Storage. Click Save.
  • Platform database backups — informational: the underlying database is backed up automatically every 24h, with point-in-time recovery available on the Pro plan. A link opens the Supabase dashboard.

9. Compliance Configuration

Where: Settings → Compliance Screening (OpenSanctions), plus the Compliance and Risk sections in the sidebar.

Screening provider

  1. In the OpenSanctions card, paste your API key and click Test connection. The status flips from Demo mode to Live.
  2. Enable Automatically screen all new contacts so every new client is checked against sanctions and PEP lists on creation.
  3. Set a re-screen interval (3, 6 or 12 months) so existing clients are re-checked on schedule.

Day-to-day compliance

  • The Compliance section surfaces clients with matches requiring review, those due for re-screening, and a compliance calendar that can auto-create tasks for upcoming regulatory deadlines.
  • The Risk section shows the firm-wide spread of clients by risk tier.
  • Everything is recorded in the immutable Activity log for Ley 10/2010 audit purposes. Documents are retained for 10 years.

🛡️ Mandato never builds tax compliance. SII/VAT/FacturaE live in your accounting tool — Mandato only tracks records and exports.


10. Firm Preferences

These director-only cards in Settings fine-tune how the firm works:

  • Time Tracking — turn time tracking on/off and set billing multipliers.
  • Automatic Time Tracking — passively log time spent on a case page.
  • Expense Categories — manage the list used when logging case expenses.
  • Fee Proposal Templates — default scope and fee structure per practice area.
  • Client Satisfaction (NPS) — enable surveys, set the delay after case closure, and customise the question. Surveys send automatically and are answered on a public, no-login page.
  • Smart Client Reminders — automatic reminders for NIE expiry, property tax (IBI), client check-ins and annual accounts, with a "due within X days" window and a "silent for X days" guard against duplicates.
  • Referral Program — track referral sources and send automatic thank-yous by email or WhatsApp.
  • Weekly Digest — a scheduled summary email (stats, tasks, activity).
  • Notifications — a grid that sets, per notification type, whether it's delivered in app and/or by email.
  • Appearance & Language — default light/dark theme and EN/ES.

11. Billing & Subscription

Where: Settings → Billing & Subscription (director-only).

  • The status box shows your plan (Free / Pro / Enterprise), its status (active / trialing / past due / canceled) and renewal date.
  • Usage meters show users and clients against your plan limits.
  • Manage Billing opens the Stripe customer portal (payment methods, invoices).
  • The plan cards let you Upgrade, Switch plan or Downgrade — these run through Stripe Checkout / the portal.

Mandato's own subscription billing uses Stripe; the webhook keeps your plan status in sync. (This is separate from the Stripe connection clients use to pay your invoices.)


12. Super-Admin Console (platform operators)

Where: /admin — only for platform operators with the super-admin role, not firm directors.

The super-admin console manages Mandato across all firms:

  • Overview — platform KPIs: tenants, users, clients, cases, storage, a plan breakdown and recently-joined firms.
  • Firms (/admin/tenants) — every firm with its plan, status, user/client/case counts, storage and last activity.
  • Users (/admin/users) — cross-tenant user directory with search and filters, plus an Impersonate action for support.
  • Billing (/admin/billing) — platform revenue: MRR, ARR, subscribers, ARPA, churn, and revenue by plan.

Every super-admin action is written to a dedicated admin audit log.


13. New-firm setup checklist

A quick path from empty to operational:

  1. Create your firm from the login screen (the onboarding wizard) and set your firm profile.
  2. Branding — add your logo and colours.
  3. Invite your team and set roles (Settings → Team & Roles).
  4. Connect integrations — start with Claude AI (unlocks the AI features), Email, Google Calendar, and OpenSanctions (compliance). See API Keys Setup.
  5. Practice areas & Playbooks — turn on the areas you practise and tailor their stages/tasks.
  6. Import your existing clients and cases (Settings → Import Data).
  7. Intake form — publish one for your website to capture leads.
  8. Compliance — enable auto-screening and set a re-screen interval.
  9. Backups — turn on a scheduled backup.
  10. Time tracking & billing — enable time tracking and set your rates.

Need a hand? The in-app Help Center (the ? icon) and the Ask Mandato assistant answer most setup questions.